Security Risk Assessment Services

NEW! NETWORK SCANNING

WARNING: IF YOUR SITE IS FOUND TO BE INJECTED OR TO HAVE MALWARE, YOU COULD BE REMOVED FROM GOOGLE UNTIL YOU HAVE BEEN SECURED.

When users visit a web page, browsers like Chrome check the content that’s loaded to see if any part of it is potentially dangerous. When it detects a problem, the browser shows a warning, alerting users that content from a site we’ve identified as being malicious is being loaded. In many cases, we’ll also flag the original site as malicious, which alerts the webmaster and helps to protect potential users.

There are situations where the currently viewed site is not flagged on our Safe Browsing list, but users still see a warning in the browser. In this case, that site may have attempted to load content from a different website, one that is known to contain malicious content. We call this a cross-site warning. In Chrome, this is denoted with a browser interstitial with the following graphic:

SECURITY

With the emergence of Web 2.0, increased information sharing through social networking and increasing business adoption of the Web as a means of doing business and delivering service, websites are often attacked directly. Hackers either seek to compromise the corporate network or the end-users accessing the website by subjecting them to drive-by downloading.

As a result, industry is paying increased attention to the security of the web applications themselves in addition to the security of the underlying computer network and operating systems.

The majority of web application attacks occur through cross-site scripting (XSS) and SQL injection attacks, which typically result from flawed coding and failure to sanitize input to and output from the web application. These are ranked in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors.

According to the security vendor Cenzic, the top vulnerabilities in March 2012 include:

Network scanning is a procedure for identifying active hosts on a network, either for the purpose of attacking them or for network security assessment. Scanning procedures, such as ping sweeps and port scans, return information about which IP addresses map to live hosts that are active on the Internet and what services they offer.

Complete network scan.
Listing all nodes on the network, their ports and their possible vulnerabilities.

Targeting a specific matter based on the customer's need, and giving them a result on whether it is secured or not.
In MCLA's case, it is their patient info files.

Scan details.
.. evaluate the router's wireless password and determine its strength.
.. evaluate the type of encryption used for the wireless password.
.. scan the network for active nodes.
.. scan each PC for open ports and vulnerable interfaces.
.. scan the network for printers, their status, and whether their web interface is protected or not.
.. scan PCs for shared folders and documents and alert you if unintended information is shared.
.. determine the firewall protection for each PC and its protection level.
.. give a report of what needs to be done to secure your network against intrusions.

SUBSCRIPTION SERVICES

Once your site is secured, we can then monitor the ongoing security health of your website with either weekly or monthly testing to keep a steady watch on the health of your site's sensitive information.

Monthly testing

Weekly testing

CHOOSE THE PLAN THAT IS BEST FOR YOU.

CAPTCHA NUMERIC

$65.00

We can install a numeric code Captcha to run on your Form for a flat fee of $65.00/form.

A CAPTCHA is a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot.

1. Used on the web to protect registration and comment forms from spam.
2. Protects email addresses from being captured.
3. If your form is attacked you could get flooded with spam emails.
4. If you exceed your email allotment per day, it would prevent you from receiving your real customers' submittals.
5. If the attack continues, the domain host might block your sender email or IP.
6. If your email address is blocked or your limit gets exceeded, you will go through a hassle with your domain host.
7. Prevents comment spam in blogs.
8. Protects website registration.

SECURITY CONSULTING SERVICES

As a Managed Security Services Provider (MSSP), we are your single point of contact for your IT security needs, taking the burden of IT security off your plate so you can focus on your business.

We provide risk assessment and strategic advisory services to help you reduce risk and improve security controls.

We provide custom solutions tailored to the individual needs of your business.

VULNERABILITY TERMS

DATA THEFT is a growing problem primarily perpetrated by office workers with access to technology such as desktop computers and hand-held devices capable of storing digital information such as USB flash drives, iPods and even digital cameras. Since employees often spend a considerable amount of time developing contacts and confidential and copyrighted information for the company they work for, they often feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment.

While most organizations have implemented firewalls and intrusion-detection systems, very few take into account the threat from the average employee who copies proprietary data for personal gain or use by another company. A common scenario is where a salesperson makes a copy of the contact database for use in their next job. Typically this is a clear violation of their terms of employment.

ROBOT can be any kind of script, such as a Perl script or a Python script, that looks around the internet for websites at random, tries to find vulnerabilities to hack into those websites, and reports back to its masters.

HACKER (computer security) is someone who seeks and exploits weaknesses in a computer system or computer network.

MALWARE (also known as spyware or adware) can install itself on your computer without your knowledge. It can display pop-up ads, redirect you to unwanted websites, steal your personal information, and slow your Internet connection speed.

PHISHING is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.[3] Phishing is typically carried out by email spoofing[4] or instant messaging,[5] and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

PENETRATION TESTING, or pentest for short, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data. The process involves identifying the target systems and the goal, then reviewing the information available and undertaking available means to attain the goal. A penetration test target may be a white box (where all background and system information is provided) or black box (where only basic or no information is provided except the company name). A penetration test can help determine whether a system is vulnerable to attack, if the defenses were sufficient and which defenses (if any) were defeated in the penetration test.

SECURITY ISSUES uncovered through the penetration test should be reported to the system's owner. Penetration test reports may also assess the potential impacts to the organization and suggest countermeasures to reduce risk.

EMAIL HARVESTING is the process of obtaining lists of email addresses using various methods for use in bulk email or other purposes usually grouped as spam.

The goal of this attack is to order an application to access a computer file that is not intended to be accessible. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.

DATA MANIPULATION LANGUAGE (DML) is a family of syntax elements similar to a computer programming language used for selecting, inserting, deleting and updating data in a database. Performing read-only queries of data is sometimes also considered a component of DML.

SQL INJECTION is defined as a database attack perpetrated by cyber criminals by exploiting a vulnerability in the SQL generation process of a database-connected application. In the SQL injection attack a SQL code fragment is entered (i.e. injected) into a form field, URI stem, or cookie value so that, when it is processed by the vulnerable application, it results in rogue SQL statements being sent to the database. A rogue SQL statement typically attempts to access, modify or delete content in the database it would generally not be authorized to access. In extreme cases a SQL injection attack can even gain control of the server on which the database resides, creating even greater security risks. This form of exploit is possible because the code fragments are dynamically injected into an actual SQL query without the proper sanitization or parameterization. Although SQL injection attacks have been documented since the late 1990s, this method of attack still accounts for a very large percentage of records breached every year.
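The difference between building the statement by concatenation and binding the value as a parameter, shown as an added example that is not part of the original page. The table, column names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients "
               "(id INTEGER PRIMARY KEY, owner TEXT, record TEXT)")
    db.executemany("INSERT INTO patients (owner, record) VALUES (?, ?)",
                   [("alice", "alice-record"),
                    ("bob", "bob-record"),
                    ("o'brien", "obrien-record")])
    return db

def lookup_concatenated(db, owner):
    # Weak form: the form-field value becomes part of the SQL text,
    # so a quote character in it changes the structure of the query.
    query = ("SELECT record FROM patients WHERE owner = '"
             + owner + "' ORDER BY id")
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, owner):
    # Corrected form: the SQL text is fixed and the value is bound as data.
    query = "SELECT record FROM patients WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (owner,))]

def compare(owner):
    """Run both lookups on the same input and report what each returns."""
    db = make_db()
    try:
        weak = lookup_concatenated(db, owner)
    except sqlite3.OperationalError:
        weak = "syntax error"
    return {"concatenated": weak,
            "parameterized": lookup_parameterized(db, owner)}

if __name__ == "__main__":
    # A fragment that closes the string literal and adds an always-true
    # condition returns every row from the concatenated query only.
    print(compare("x' OR '1'='1"))
    # A legitimate name containing an apostrophe breaks the concatenated
    # query but is handled correctly when bound as a parameter.
    print(compare("o'brien"))
    print(compare("alice"))
```

The apostrophe case shows why parameterization is preferable to input filtering: the bound query neither leaks other rows nor rejects legitimate values.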

CROSS SITE SCRIPTING (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 84% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.

CROSS-SITE REQUEST FORGERY, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf[1]) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.[2] Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

In computing, a denial-of-service (DoS) or distributed denial-of-service (DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users.
Although the means to carry out, the motives for, and targets of a DoS attack vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

As clarification, distributed denial-of-service attacks are sent by two or more people, or bots, and denial-of-service attacks are sent by one person or system. As of 2014, the frequency of recognized DDoS attacks had reached an average rate of 28 per hour.

TESTIMONIALS

"Robert Grant explained what the Grant Web Security System could do for us. They did a security scan and made several suggestions which were implemented to reduce our vulnerability, including adding CAPTCHA to secure our web forms. This work was completed promptly and for a very reasonable fee. Hackers will always be looking for ways to get information, but with the Grant Security System monitoring our website, I do feel we are doing our best to protect our patients."
Neil
MCLA